1. Technical Field
The present disclosure relates to reporting an incident at an imaging device. More particularly, it relates to a method of reporting an unauthorized disclosure of sensitive and/or classified information at an imaging device.
2. Description of the Related Art
The unintentional disclosure of classified information (UDCI), or “spillage,” is a security incident that results in the transfer of classified information onto an information system not accredited (i.e., authorized) for the appropriate security level. A UDCI is considered to be a greater threat to national security and occurs on much greater frequency than the intentional disclosure of classified information, or “leakage.” For example, soldiers returning from a tour of duty print and copy incident reports without caring about the classification level of a multifunction product (MFP) they use. As a result, this “unclassified MFP” is then contaminated with classified information. Even if the soldier processing a document realizes his mistake and cancels the processing job, the MFP may still retain some of the classified information from the document the soldier was processing. Further, merely cancelling the job does not inform the relevant personnel of the possibility of the MFP being contaminated with classified information, and the soldier or user in question may not report the incident, thinking that cancelling the job is equivalent to sufficiently addressing the UDCI.
The procedure to address a UDCI often includes notifying specific people, such as personnel who are part of an investigation team, about the event and completing a number of forms for approval by appropriate personnel. The complexity of the procedure becomes increasingly difficult the longer the UDCI event goes unreported. Given any delay in the discovery of a UDCI, the investigation team encounters a greater difficulty identifying exactly when the contamination took place, which increases the time and expense in fully addressing the UDCI event. As result, millions of dollars are spent annually by organizations, such as government offices and private companies, to clean up UDCI incidents from unauthorized information systems, applications or media.